使用htaccess的从文本文件禁止IP地址 [英] Ban IPs from text file using htaccess

问题描述

我已阅读并理解了如何使用htaccess的阻止一个IP：

I read and understand how to block an ip using htaccess:

order deny,allow
deny from 111.222.33.44
deny from 55.66.77.88
...
allow from all

但我黑色的IP地址列表，包括数以千计的IPS。 我所有的IP地址保存到 blacklist.txt 文件。

But my list of black IPs includes thousands of IPs. I save all IPs to a blacklist.txt file.

我可以使用htaccess的调用 blacklist.txt 并阻止它们存储在该文件中的所有IP地址？如果是这样，怎么样？

Can I use htaccess to call blacklist.txt and block all IPs which are stored in this file? If so, how?

推荐答案

您可以尝试使用的 RewriteMap指令。你需要访问的服务器/虚拟主机的配置，因为该指令只在那里工作。然后，您可以使用地图内htaccess的文件。

You can try using variations of RewriteMap. You'll need access to the server/vhost config because that directive only works there. You can then use the map inside htaccess files.

假设您的 blacklist.txt 文件看起来是这样的：

Say your blacklist.txt file looks like this:

111.222.33.44  deny
55.66.77.88    deny
192.168.0.1    allow

您可以定义图如下所示：

You can define the map like so:

RewriteEngine On
RewriteMap access txt:/path/to/blacklist.txt

然后在你的htaccess的，你可以调用图：

Then in your htaccess, you can invoke the map:

RewriteEngine On 
RewriteCond ${access:%{REMOTE_ADDR}} deny [NC]
RewriteRule ^ - [L,F]

条件调用地图，并检查是否在远程地址映射到单词否定，如果是这样，重写规则完全禁止访问。

The condition invokes the map and checks if the remote address maps to the word "deny", and if so, the rewrite rule outright forbids access.

如果您的 blacklist.txt 是IP地址的只有一个列表，你不希望添加的每一个接一个的拒绝，你需要调用程序的地图类型，然后撰写一个脚本，是这样的：

If your blacklist.txt is only a list of IPs, and you don't want to add a "deny" after each one, you'll need to invoke a program map type and write a script, something like this:

#!/bin/bash

while true
do
    read INPUT
    MATCH=`grep $INPUT /path/to/blacklist.txt`
    if [ -z "$MATCH"  ]; then
        echo "allow"
    else
        echo "deny"
    fi
done

这无限循环读取输入，并在里grep blacklist.txt 文件。如果IP是在文件中，输出一个拒绝，否则它输出允许。然后，你会创建地图，如下所示：

which infinite loops read input and greps the blacklist.txt file. If the IP is in the file, output a "deny", otherwise it outputs a "allow". Then you'd create the map like so:

RewriteEngine On
RewriteMap access prg:/path/to/blacklist.txt

和重写规则所要检查的地图就没有什么不同。

And the rewrite rule to check against the map would be no different.

这篇关于使用htaccess的从文本文件禁止IP地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！